Description

WordPress Plugin Smart Marketing SMS and Newsletters Forms is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bring the website offline. WordPress Plugin Smart Marketing SMS and Newsletters Forms version 2.6.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2018/12/04/our-proactive-monitoring-caught-a-wordpress-plugin-vulnerability-that-could-cause-a-website-to-be-fully-disabled/

Related Vulnerabilities

WordPress Plugin MW Font Changer Cross-Site Scripting (4.2.5)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-14443)

WordPress Plugin DP Maintenance Mode Lite Cross-Site Scripting (1.3.2)

Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2022-2048)

WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Scripting (0.7.12)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass